SharpSpray : Active Directory Password Spraying Tool. Auto Fetches User List And Avoids Potential Lockouts
SharpSpray is a C# port of Domain Password Spray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and outside a domain context.Exclude domain disabled accounts from the spraying.Auto gathers domain users from the Active directory.Avoid potential lockouts by excluding accounts within one attempt of locking out.Avoid potential lockouts...
Cloudquery : Transforms Your Cloud Infrastructure Into SQL Database For Easy Monitoring, Governance And Security
Cloudquery extracts the configuration and metadata of your infrastructure and transforms it into a relational SQL database. This allows you to write SQL queries for easy monitoring, governance, and security. Key Features Explore And Monitor With SQL CloudQuery extracts, transforms (normalize), and loads (ETL) the data from scattered APIs across different cloud and SaaS providers into the PostgreSQL relational database. This gives...
StreamDivert : Redirecting (Specific) TCP, UDP And ICMP Traffic To Another Destination
StreamDivert is a tool to man-in-the-middle or relay in and outgoing network connections on a system. It has the ability to, for example, relay all incoming SMB connections to port 445 to another server, or only relay specific incoming SMB connections from a specific set of source IP's to another server. Summed up, StreamDivert is able to: Relay all incoming...
JadedWraith : Light-weight UNIX Backdoor
JadedWraith is a Lightweight UNIX backdoor for ethical hacking. Useful for red team engagements and CTFs. Something I wrote a few years ago as part of a game I was playing with a friend to try to backdoor as many VMs in each other's labs without being caught or having our tools reverse engineered/signatured. Features JadedWraith is a powerful backdoor capable...
DongTai : An Interactive Application Security testing(IAST) Product That Supports The Detection Of OWASP WEB TOP 10 Vulnerabilities, Multi-Request Related Vulnerabilities (Including Logic Vulnerabilities, Unauthorized Access Vulnerabilities, Etc.), Third-Party...
DongTai IAST is an open-source passive interactive security testing (IAST) product. It uses dynamic hooks and taint tracking algorithms to achieve universal vulnerability detection and multiples request associated with vulnerability detection (including but not limited to unauthorized vulnerabilities, overpower vulnerabilities), Third-party component vulnerability detection, etc. Currently, applications in Java and Python are supported for vulnerability detection. Architecture DongTai IAST has multiple basic services, including DongTai-web, DongTai-webapi, DongTai-openapi, DongTai-engine, agent, DongTai-deploy, DongTai-Base-Image and DongTai-Plugin-IDEA: DongTai-web is the product page...
QueenoSno : Golang Binary For Data Exfiltration With ICMP Protocol
QueenSono tool only relies on the fact that ICMP protocol isn't monitored. It is quite common. It could also been used within a system with basic ICMP inspection (ie. frequency and content length watcher) or to bypass authentication step with captive portal (used by many public Wi-Fi to authenticate users after connecting to the Wi-Fi e.g Airport Wi-Fi). Try...
PoW-Shield : Project Dedicated To Fight DDoS And Spam With Proof Of Work, Featuring An Additional WA
PoW-Shield provides DDoS protection on OSI application layer by acting as a proxy that utilizes proof of work between the backend service and the end user. This project aims to provide an alternative to general captcha methods such as Google's ReCaptcha that has always been a pain to solve. Accessing a web service protected by PoW Shield has never...
Linux VPN Software – 3 Decent Options
All users connect via a VPN whenever accessing public Wi-Fi connections, especially when sending personal information over an insecure network. This article will describe 3 VPN software based on the list of vpntesting.com for various Linux which you can use to ensure that nobody except the physical servers you are connected to know who you are, what you are...
Haklistgen : Turns Any Junk Text Into A Usable Wordlist For Brute-Forcing
Haklistgen turns any junk text into a usable wordlist for brute-forcing. Installation go install github.com/hakluke/haklistgen@latest Usage Examples Scrape all words out of an HTTP response to build a directory bruteforce wordlist: curl https://wikipedia.org | haklistgen Pipe a list of subdomains to it to generate a wordlist for bruteforcing more subdomains: subfinder -silent -d example.com | haklistgen Piping in a custom JavaScript file could yield some interesting results: curl...
Reconky : A Great Content Discovery Bash Script For Bug Bounty Hunters Which Automate Lot Of Task And Organized It
Reconky is a script written in bash to automate the task of recon and information gathering. This Bash Script allows you to collect some information that will help you identify what to do next and where to look for the required target. Main-Features It will Gathers Subdomains with assetfinder and Sublist3rDuplex check for subdomains using amassEnumerates subdomains on a target domain...
